WO2007072450A3 - Puf protocol with improved backward security - Google Patents
Puf protocol with improved backward security Download PDFInfo
- Publication number
- WO2007072450A3 WO2007072450A3 PCT/IB2006/054989 IB2006054989W WO2007072450A3 WO 2007072450 A3 WO2007072450 A3 WO 2007072450A3 IB 2006054989 W IB2006054989 W IB 2006054989W WO 2007072450 A3 WO2007072450 A3 WO 2007072450A3
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- protocol
- puf
- authenticating
- physical token
- physical
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F19/00—Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
- G07F19/20—Automatic teller machines [ATMs]
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2103—Challenge-response
Abstract
The present invention relates to a physical token (102), a method of authenticating a physical token (102) and a device (104) for authenticating a physical token. A basic idea of the present invention is to provide a protocol for secure data exchange between two parties, and in particular for authenticating a physical token, such as a smart card comprising a physical unclonable function (PUF), in which protocol a cryptographic key is used which cannot be traced back in time, because the key is obtained by means of a noninvertible function, i.e. a one-way function. The parties may e.g. comprise a verifying party in the form of a bank with which a cash withdrawal is to be effected and a party to be authenticated, which are embodied by an ATM withdrawal card to which a user has access.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP05112907.0 | 2005-12-23 | ||
EP05112907 | 2005-12-23 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2007072450A2 WO2007072450A2 (en) | 2007-06-28 |
WO2007072450A3 true WO2007072450A3 (en) | 2007-10-25 |
Family
ID=38169364
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2006/054989 WO2007072450A2 (en) | 2005-12-23 | 2006-12-21 | Puf protocol with improved backward security |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2007072450A2 (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050044385A1 (en) * | 2002-09-09 | 2005-02-24 | John Holdsworth | Systems and methods for secure authentication of electronic transactions |
DE602007013697D1 (en) | 2006-01-24 | 2011-05-19 | Verayo Inc | |
TW201039170A (en) * | 2009-04-28 | 2010-11-01 | Thomson Licensing | System and method for detecting genuine copies of pre-recorded digital media |
US20130298211A1 (en) * | 2012-04-03 | 2013-11-07 | Verayo, Inc. | Authentication token |
US10749694B2 (en) | 2018-05-01 | 2020-08-18 | Analog Devices, Inc. | Device authentication based on analog characteristics without error correction |
US11044107B2 (en) | 2018-05-01 | 2021-06-22 | Analog Devices, Inc. | Device authentication based on analog characteristics without error correction |
US11245680B2 (en) | 2019-03-01 | 2022-02-08 | Analog Devices, Inc. | Garbled circuit for device authentication |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0492692A2 (en) * | 1990-12-20 | 1992-07-01 | Delco Electronics Corporation | Remote accessing system |
WO2005041000A1 (en) * | 2003-10-23 | 2005-05-06 | Koninklijke Philips Electronics N.V. | Method for protecting information carrier comprising an integrated circuit |
-
2006
- 2006-12-21 WO PCT/IB2006/054989 patent/WO2007072450A2/en active Application Filing
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0492692A2 (en) * | 1990-12-20 | 1992-07-01 | Delco Electronics Corporation | Remote accessing system |
WO2005041000A1 (en) * | 2003-10-23 | 2005-05-06 | Koninklijke Philips Electronics N.V. | Method for protecting information carrier comprising an integrated circuit |
Non-Patent Citations (1)
Title |
---|
W RANKL AND W EFFING: "Handbuch der Chipkarten", 2002, HANSER VERLAG, MÜNCHEN, XP002440671 * |
Also Published As
Publication number | Publication date |
---|---|
WO2007072450A2 (en) | 2007-06-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108270571B (en) | Internet of Things identity authorization system and its method based on block chain | |
US7933840B2 (en) | Electronic signature security system | |
GB2423854B (en) | Portable security transaction protocol | |
WO2007072450A3 (en) | Puf protocol with improved backward security | |
Giri et al. | A novel and efficient session spanning biometric and password based three-factor authentication protocol for consumer USB mass storage devices | |
CN110381055A (en) | RFID system privacy-protection certification protocol method in healthcare supply chain | |
Liou et al. | A sophisticated RFID application on multi-factor authentication | |
SG128516A1 (en) | Updating a mobile payment device | |
CN110176989A (en) | Quantum communications service station identity identifying method and system based on unsymmetrical key pond | |
CN105871866A (en) | System and method for password management based on computer hardware information | |
CN108263105A (en) | A kind of intelligent antifaking method for seal | |
CN102142963A (en) | Multi-transaction factor-based challenge password authenticating system and method | |
Lee et al. | Improvement of Li-Hwang's biometrics-based remote user authentication scheme using smart cards | |
Singh | Multi-factor authentication and their approaches | |
Joshi | Session passwords using grids and colors for web applications and PDA | |
Reddy et al. | A comparative analysis of various multifactor authentication mechanisms | |
Gaurav et al. | An intuitive approach to prevent smart card fraud using fingerprinting authentication and enhanced data encryption standard (EHDES) | |
Prakash et al. | A generic framework to enhance two-factor authentication in cryptographic smart-card applications | |
Najera et al. | Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents. | |
Madhusudhan et al. | An enhanced biometrics-based remote user authentication scheme using mobile devices | |
Molla | Mobile user authentication system (MUAS) for e-commerce applications. | |
Toth | Brewing next generation identity | |
Lin et al. | Cryptanalysis and Improvement on Lee-Chen’s One-Time Password Authentication Scheme | |
Jeon et al. | Enhanced Password-based Remote User Authentication Scheme Using Smart Cards | |
Thandeeswaran et al. | An efficient and secure biometric authentication scheme for M-Commerce |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 06842644 Country of ref document: EP Kind code of ref document: A2 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 06842644 Country of ref document: EP Kind code of ref document: A2 |